Re: [webauthn] appid extension: value when not acted upon? from Emil Lundberg via GitHub on 2018-06-13 (public-webauthn@w3.org from June 2018)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Jun 2018 09:14:49 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-396870987-1528881288-sysbot+gh@w3.org>

This is documented, perhaps not clearly enough in [§9. WebAuthn Extensions][ext]:

>All WebAuthn extensions are OPTIONAL for both clients and authenticators. Thus, any extensions requested by a Relying Party MAY be ignored by the client browser or OS and not passed to the authenticator at all, or they MAY be ignored by the authenticator. Ignoring an extension is never considered a failure in WebAuthn API processing, so when Relying Parties include extensions with any API calls, they MUST be prepared to handle cases where some or all of those extensions are ignored.

If an extension is not acted upon, then no value will be added to the extension outputs.

[ext]: https://w3c.github.io/webauthn/#extensions

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/948#issuecomment-396870987 using your GitHub account

Received on Wednesday, 13 June 2018 09:14:54 UTC